Fixed #3495: Warning even if administrator account is disabled

M login_page.php - The warning for administrator account was displayed if the account exists with the default password. It didn't check for the enabled flag. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@2280 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Jan 8, 2004 · 2890bbe · 2890bbe
1 parent 5d38039
commit 2890bbe
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -4,6 +4,7 @@ Mantis ChangeLog
 
  * Fix #3467: Delete user ends up at user not found error.
  * Fix #3479: Reset account preferences of a user results in reset administrators (current) account.
+ * Fix #3495: Warning even if administrator account is disabled.
 
 2003.12.08  -  0.18.0
 

diff --git a/login_page.php b/login_page.php
@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: login_page.php,v 1.32 2003-08-21 14:31:42 vboctor Exp $
+	# $Id: login_page.php,v 1.33 2004-01-08 14:26:37 vboctor Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -112,8 +112,9 @@
 	}
 
 	# Generate a warning if administrator/root is valid.
-	if ( user_get_id_by_name( 'administrator' ) !== false ) {
-		if ( auth_does_password_match( user_get_id_by_name( 'administrator' ), 'root' ) ) {
+	$t_admin_user_id = user_get_id_by_name( 'administrator' );
+	if ( $t_admin_user_id !== false ) {
+		if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
 			echo '<div class="warning" align="center">';
 			echo '<p><font color="red"><strong>WARNING:</strong> You should disable the default "administrator" account or change its password.</font></p>';
 			echo '</div>';